CVE-2014-9263

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-9263
Multiple buffer overflows in the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control in 3S Pocketnet Tech VMS allow remote attackers to execute arbitrary code via a crafted string to the (1) StartRecord, (2) StartRecordEx, (3) StartScheduledRecord, (4) SetDisplayText, (5) GetONVIFDeviceInformation, (6) GetONVIFProfiles, or (7) GetONVIFStreamUri method or a crafted filename to the (8) SaveCurrentImage or (9) SaveCurrentImageEx method.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://www.securityfocus.com/bid/71488
http://www.zerodayinitiative.com/advisories/ZDI-14-393/
http://www.zerodayinitiative.com/advisories/ZDI-14-394/
http://www.zerodayinitiative.com/advisories/ZDI-14-395/
http://www.zerodayinitiative.com/advisories/ZDI-14-396/
http://www.zerodayinitiative.com/advisories/ZDI-14-397/
http://www.securityfocus.com/bid/71488
http://www.zerodayinitiative.com/advisories/ZDI-14-393/
http://www.zerodayinitiative.com/advisories/ZDI-14-394/
http://www.zerodayinitiative.com/advisories/ZDI-14-395/
http://www.zerodayinitiative.com/advisories/ZDI-14-396/
http://www.zerodayinitiative.com/advisories/ZDI-14-397/
Configurations

Configuration 1 (hide)

cpe:2.3:a:3s_pocketnet_tech:3s_pocketnet_tech_video_management_software:-:*:*:*:*:*:*:*
History

21 Nov 2024, 02:20

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/71488 - () http://www.securityfocus.com/bid/71488 -
References () http://www.zerodayinitiative.com/advisories/ZDI-14-393/ - () http://www.zerodayinitiative.com/advisories/ZDI-14-393/ -
References () http://www.zerodayinitiative.com/advisories/ZDI-14-394/ - () http://www.zerodayinitiative.com/advisories/ZDI-14-394/ -
References () http://www.zerodayinitiative.com/advisories/ZDI-14-395/ - () http://www.zerodayinitiative.com/advisories/ZDI-14-395/ -
References () http://www.zerodayinitiative.com/advisories/ZDI-14-396/ - () http://www.zerodayinitiative.com/advisories/ZDI-14-396/ -
References () http://www.zerodayinitiative.com/advisories/ZDI-14-397/ - () http://www.zerodayinitiative.com/advisories/ZDI-14-397/ -
Information

Published : 2014-12-08 16:59

Updated : 2024-11-21 02:20

NVD link : CVE-2014-9263

Mitre link : CVE-2014-9263

CVE.ORG link : CVE-2014-9263

JSON object : View

Products Affected

3s_pocketnet_tech

  • 3s_pocketnet_tech_video_management_software
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer